<?php

include("conn.php");
session_start();
$error='';

function redirect($page) {
    header('Location: ' . $page);
    exit;
}


if (isset($_POST['password'])) {
    

    $password = htmlentities((trim($_POST['password'])));

    $login = mysql_query("select * from siswa where username='mimin'");
    $countrow = mysql_num_rows($login);
    if (empty($countrow)) {
        $error = "Password Salah";
    } else {
        while ($row = mysql_fetch_array($login)) {
            $id_siswa=$row['id_siswa'];
            $username = $row['username'];
            $tingkat = $row['tingkat'];
            $mypass= $row['password'];
            $status = $row['status'];
            $nim = $row['nim'];
        }
        if($mypass==md5($password)){
            $_SESSION['id_siswa'] = $id_siswa;
            $_SESSION['username']=$username;
            $_SESSION['tingkat'] = $tingkat;
            $_SESSION['nim'] = $nim;
            redirect("laman_admin.php");
        }
        else{
            $error="Password Salah";
        }
        
            
    }
} else
    unset($_POST['password']);
    mysql_close($connect);
?>
